Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2024-28995 PoC — SolarWinds Serv-U L Directory Transversal Vulnerability

Source
https://github.com/bigb0x/CVE-2024-28995
Associated Vulnerability
Title:SolarWinds Serv-U L Directory Transversal Vulnerability (CVE-2024-28995)
Description:SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
Description
CVE-2024-28995 POC Vulnerability Scanner
Readme
# CVE-2024-28995 PoC and Bulk Scanner

## Overview

This repository contains a proof-of-concept (PoC) and a bulk scanner for the SolarWinds Serv-U CVE-2024-28995 directory traversal vulnerability. This vulnerability allows unauthorized access to read sensitive files on the host machine. The vulnerability was discovered and reported by Hussein Daher.

![Banner](screenshots/screen.png)

## Features

- **Single Target Scan**: Scan a single URL for the CVE-2024-28995 vulnerability.
- **Bulk Scan**: Scan multiple URLs from a file for the CVE-2024-28995 vulnerability.
- **Multi-threading**: Utilizes multi-threading to scan multiple targets concurrently.
- **Multiple payloads**: The script checks for two payloads for CVE-2024-28995 vulnerability.

## How to Use

### Single Target Scan

To scan a single target IP:
```sh
python cve-2024-28995.py -ip IP
```

### Bulk Target Scan
To mass scan bulk targets IPs:
```sh
python cve-2024-28995.py -f targets.txt
```

### Example Output
To scan a single target URL:
```sh
[01:55:10][INFO] Vulnerable Windows Device: https://IP
```

## Installation

### Minimum Requirements

- Python 3.6 or higher
- `requests` library

### Installing The Script

```sh
git clone https://github.com/bigb0x/CVE-2024-28995.git cve-2024-28995; cd cve-2024-28995
```

### Installing Required Packages

Install the required packages using pip:

```sh
pip install requests
```

## Author

This tool was created by [M Ali](https://x.com/MohamedNab1l). More details can be found in this [post](https://www.thehackerwire.com/testing-and-exploiting-solarwinds-serv-u-cve-2024-28995-vulnerability)

## License

This project is licensed under the MIT License.

## Disclaimer

This provided tool is for educational purposes only. I do not encourage, condone, or support unauthorized access to any system or network. Use this tool responsibly and only on systems you have explicit permission to test. Any actions and consequences resulting from misuse of this tool are your own responsibility.

## References
-  https://nvd.nist.gov/vuln/detail/CVE-2024-28995
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →